CVE-2020-13937


Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, and 4.0.0-alpha have a RESTful API that exposes Kylin's configuration information without any authentication. This is dangerous because some confidential information entries are disclosed to everyone.


Published

2020-10-19T21:15:12.623

Last Modified

2024-11-21T05:02:11.323

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-922

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application apache kylin 2.0.0 Yes
Application apache kylin 2.1.0 Yes
Application apache kylin 2.2.0 Yes
Application apache kylin 2.3.0 Yes
Application apache kylin 2.3.1 Yes
Application apache kylin 2.3.2 Yes
Application apache kylin 2.4.0 Yes
Application apache kylin 2.4.1 Yes
Application apache kylin 2.5.0 Yes
Application apache kylin 2.5.1 Yes
Application apache kylin 2.5.2 Yes
Application apache kylin 2.6.0 Yes
Application apache kylin 2.6.1 Yes
Application apache kylin 2.6.2 Yes
Application apache kylin 2.6.3 Yes
Application apache kylin 2.6.4 Yes
Application apache kylin 2.6.5 Yes
Application apache kylin 2.6.6 Yes
Application apache kylin 3.0.0 Yes
Application apache kylin 3.0.0 Yes
Application apache kylin 3.0.0 Yes
Application apache kylin 3.0.0 Yes
Application apache kylin 3.0.1 Yes
Application apache kylin 3.0.2 Yes
Application apache kylin 3.1.0 Yes
Application apache kylin 4.0.0 Yes